TY - GEN
T1 - A novel hierarchical parallelism for accelerating NIDS using GPUs
AU - Lin, Cheng Hung
AU - Hsieh, Cheng Hung
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/6/22
Y1 - 2018/6/22
N2 - Multi-string matching has been widely used in network intrusion detection systems to detect network attacks and malicious network packets by matching packet contents with thousands of attack patterns. Due to the rapid increase of network attacks and network speeds, multi-string matching faces higher performance and throughput challenges. In order to improve the performance and throughput of multi-string matching, this paper presents a hierarchical parallelism that accelerates multi-string matching on multiple GPUs. The hierarchical parallelism consists of three layers of parallelism. From top to bottom, the first layer is the data parallelism on multiple GPUs, the second layer is the task parallelism on a single GPU, and the last layer is the data parallelism of the Aho-Corasick algorithm. Experimental results show that the hierarchical parallelism on a machine featured with four Titan X GPUs achieves up to 70 Gbps of throughput, more than 40 times faster than the Aho-Corasick algorithm used in Snort. As the number of GPUs increases, the throughput of the hierarchical parallelism will increase. In addition, the proposed approach adopts perfect hashing to construct state machines and achieves up to 99.2% of memory reduction on Snort. Finally, the proposed hierarchical parallelism is implemented in the open source network intrusion detection system, Snort.
AB - Multi-string matching has been widely used in network intrusion detection systems to detect network attacks and malicious network packets by matching packet contents with thousands of attack patterns. Due to the rapid increase of network attacks and network speeds, multi-string matching faces higher performance and throughput challenges. In order to improve the performance and throughput of multi-string matching, this paper presents a hierarchical parallelism that accelerates multi-string matching on multiple GPUs. The hierarchical parallelism consists of three layers of parallelism. From top to bottom, the first layer is the data parallelism on multiple GPUs, the second layer is the task parallelism on a single GPU, and the last layer is the data parallelism of the Aho-Corasick algorithm. Experimental results show that the hierarchical parallelism on a machine featured with four Titan X GPUs achieves up to 70 Gbps of throughput, more than 40 times faster than the Aho-Corasick algorithm used in Snort. As the number of GPUs increases, the throughput of the hierarchical parallelism will increase. In addition, the proposed approach adopts perfect hashing to construct state machines and achieves up to 99.2% of memory reduction on Snort. Finally, the proposed hierarchical parallelism is implemented in the open source network intrusion detection system, Snort.
KW - Aho-Corasick algorithm
KW - graphics processing units
KW - multiple string matching
KW - network intrusion detection systems
UR - http://www.scopus.com/inward/record.url?scp=85050311804&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85050311804&partnerID=8YFLogxK
U2 - 10.1109/ICASI.2018.8394319
DO - 10.1109/ICASI.2018.8394319
M3 - Conference contribution
AN - SCOPUS:85050311804
T3 - Proceedings of 4th IEEE International Conference on Applied System Innovation 2018, ICASI 2018
SP - 578
EP - 581
BT - Proceedings of 4th IEEE International Conference on Applied System Innovation 2018, ICASI 2018
A2 - Lam, Artde Donald Kin-Tak
A2 - Prior, Stephen D.
A2 - Meen, Teen-Hang
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 4th IEEE International Conference on Applied System Innovation, ICASI 2018
Y2 - 13 April 2018 through 17 April 2018
ER -